© 2005 ravi sandhu access control hierarchies (best viewed in slide show mode) ravi sandhu...
TRANSCRIPT
![Page 1: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/1.jpg)
© 2005 Ravi Sandhuwww.list.gmu.edu
Access Control Hierarchies(best viewed in slide show mode)
Ravi SandhuLaboratory for Information Security Technology
George Mason [email protected]
![Page 2: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/2.jpg)
2
© 2005 Ravi Sandhuwww.list.gmu.edu
RBAC96 Model
![Page 3: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/3.jpg)
3
© 2005 Ravi Sandhuwww.list.gmu.edu
ARBAC97
• User-Role Assignment: URA97
• Permission-Role Assignment: PRA97
• Role-Role Assignment: RRA97
Ravi Sandhu, Venkata Bhamidipati and Qamar Munawer. “The ARBAC97 Model for Role-Based Administration of Roles.” ACM Transactions on Information and System Security, Volume 2, Number 1, February 1999, pages 105-135.
![Page 4: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/4.jpg)
4
© 2005 Ravi Sandhuwww.list.gmu.edu
Example Role Hierarchy
![Page 5: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/5.jpg)
5
© 2005 Ravi Sandhuwww.list.gmu.edu
Example Administrative Role Hierarchy
![Page 6: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/6.jpg)
6
© 2005 Ravi Sandhuwww.list.gmu.edu
Abilities, Groups and UP-Roles
![Page 7: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/7.jpg)
7
© 2005 Ravi Sandhuwww.list.gmu.edu
Four operations
• Create role• Delete role• Insert edge• Delete edge
• Authorized by a single relation can-modify• More complex operations can be built from these• Chief Security Officer can bypass all these controls
![Page 8: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/8.jpg)
8
© 2005 Ravi Sandhuwww.list.gmu.edu
can-modify
not a typo
• Authority range must be encapsulated• To be discussed later
![Page 9: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/9.jpg)
9
© 2005 Ravi Sandhuwww.list.gmu.edu
Example Role Hierarchy
DSOPSO1 PSO1
![Page 10: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/10.jpg)
10
© 2005 Ravi Sandhuwww.list.gmu.edu
Semantics of create role
• Specify immediate parent and child• These must be within the can-modify range or be one
of the endpoints of the range• Immediate parent must be senior to immediate child
• If junior will introduce cycle• If incomparable will introduce a new edge (so introduce
the new edge first and then create the new role)• Immediate parent and immediate child must
constitute a create range (prior to creation)• To be discussed later
![Page 11: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/11.jpg)
11
© 2005 Ravi Sandhuwww.list.gmu.edu
Semantics of delete role
• Deletion of a role preserves all transitive edges• Deletion that causes dangling references is prohibited
• Prohibit deletion of roles used in can_assign, can_revoke, can_modify OR
• Deactivate these roles when they are deleted. Inactive roles cannot be activated in a session and new users and permissions cannot be added.
• Preserve permissions and users in a deleted role• Only empty roles can be deleted OR• Users pushed down to immediately junior roles and permissions are
pushed up to immediately senior roles
![Page 12: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/12.jpg)
12
© 2005 Ravi Sandhuwww.list.gmu.edu
Semantics of insert edge
• Edges can be inserted only between incomparable roles
• Edge insertion must preserve encapsulation of authority ranges• To be discussed
![Page 13: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/13.jpg)
13
© 2005 Ravi Sandhuwww.list.gmu.edu
Semantics of delete edge
• Edges can be deleted only if they are not transitively implied
• Deleting an edge preserves transitive edges• Some of which will become visible in the Hasse
diagram
• Cannot delete an edge between the endpoints of an authority range• To be discussed
![Page 14: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/14.jpg)
14
© 2005 Ravi Sandhuwww.list.gmu.edu
Edge insertion anomaly
DSOPSO1 PSO1
![Page 15: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/15.jpg)
15
© 2005 Ravi Sandhuwww.list.gmu.edu
Edge insertion anomaly
• Edge insertion by PSO1 in range (E1,PL1) impacts relationship between X and Y outside the PSO1 range
![Page 16: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/16.jpg)
16
© 2005 Ravi Sandhuwww.list.gmu.edu
Edge insertion anomaly
• Let it happen
• Do not allow X and Y to be introduced (by DSO)
• Do not allow PSO1 to insert edge from QE1 to PE1
![Page 17: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/17.jpg)
17
© 2005 Ravi Sandhuwww.list.gmu.edu
Role Ranges
typo
![Page 18: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/18.jpg)
© 2005 Ravi Sandhuwww.list.gmu.edu
Range Definitions
Range
Create Range
EncapsulatedRange
AuthorityRange
![Page 19: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/19.jpg)
19
© 2005 Ravi Sandhuwww.list.gmu.edu
Encapsulated Role Ranges
typo
![Page 20: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/20.jpg)
20
© 2005 Ravi Sandhuwww.list.gmu.edu
Encapsulated Role Ranges
DSOPSO1 PSO1
Encapsulated• (E1,PL1)• (E2,PL2)• (ED,DIR)• (E,DIR)Non-encapsulated• (E,PL1)• (E,PL2)• (E,E1)• (E,E2)
![Page 21: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/21.jpg)
21
© 2005 Ravi Sandhuwww.list.gmu.edu
Encapsulated Role Ranges
Encapsulated• (x,y)• (r2,y)• (B,A)Non-encapsulated• (x’,y’)• (B,y’)
![Page 22: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/22.jpg)
22
© 2005 Ravi Sandhuwww.list.gmu.edu
Encapsulated Role Ranges
Encapsulated• (r2,y)• (B,A)•(Non-encapsulated• (x,y)• (x’,y’)• (B,y’)
![Page 23: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/23.jpg)
23
© 2005 Ravi Sandhuwww.list.gmu.edu
Create Ranges
![Page 24: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/24.jpg)
24
© 2005 Ravi Sandhuwww.list.gmu.edu
Create Ranges
Authority ranges• (B,A)• (x,y)
Create ranges• dashed lines ---
B is end point of ARimmediate(y)
A is end point of ARimmediate(r3)
A is end point of ARimmediate(x)
these are not create ranges
![Page 25: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/25.jpg)
25
© 2005 Ravi Sandhuwww.list.gmu.edu
Preserving encapsulation on edge insertion
![Page 26: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/26.jpg)
26
© 2005 Ravi Sandhuwww.list.gmu.edu
Preserving encapsulation on edge insertion
Authority ranges• (B,A)• (x,y)
• Insertion of (y,r3) is ok but will prevent future insertion of (r3,x)• Likewise insertion of (r3,x) is ok but will prevent future insertion of (y,r3)
![Page 27: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/27.jpg)
27
© 2005 Ravi Sandhuwww.list.gmu.edu
Edge deletion example
![Page 28: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/28.jpg)
28
© 2005 Ravi Sandhuwww.list.gmu.edu
Next class
• Read• Jason Crampton and George Loizou. “Administrative
scope: A foundation for role-based administrative models.” ACM Transactions on Information and System Security, Volume 6, Number 2, May 2003, pages 201-231. Available in ACM digital library through GMU.
and come prepared to discuss
![Page 29: © 2005 Ravi Sandhu Access Control Hierarchies (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology](https://reader033.vdocuments.us/reader033/viewer/2022061306/551463f5550346414e8b5a88/html5/thumbnails/29.jpg)
29
© 2005 Ravi Sandhuwww.list.gmu.edu
Assignment
1. Prove or give counterexample • An authority range is always a create range?
• If x is an immediate child of y then (x,y) is a create range?
2. Prove or give counterexample• If x is an immediate child of y then (x,y) can always be
introduced into can-modify as an authority range that is guaranteed to be encapsulated?